A semiconductor memory chip provided on a semiconductor die is not usually used by itself, but is used while being electrically connected to a controller provided on the outside thereof. An external device (e.g., a writing device, a reading device, or a playback device) accesses data stored in a memory included in the semiconductor memory chip via a controller. In some situations, a controller and a semiconductor memory chip are combined together and sold as a memory product. For instance, examples of such memory products include merchandise such as Secure Digital (SD) memory cards. In some other situations, a product obtained by adhering a semiconductor memory chip to a controller with the use of a resin is provided as a System In Package (SIP). Further, in the case where a semiconductor memory chip is employed in an audio player or the like for the purpose of storing music data therein, the controller may be incorporated in a part of another semiconductor that is different from the semiconductor memory chip. In any of these situations, the semiconductor memory chip is directly connected to the controller, so that the access to the data stored in the memory included in the semiconductor memory chip is always made via the controller.
The controller not only intermediates the access to the data stored in the semiconductor memory chip, but also provides a security function in some situations. For example, for SD memory cards, a copyright protecting function has been introduced to the controller. The controller is configured so as to authenticate a host device such as a player or a writing device, so that, only if the host device has successfully been authenticated, the controller allows the data stored in the semiconductor memory chip to be transferred to the host device. Further, only if a writing device has successfully been authenticated, the controller records the data received from the writing device into the semiconductor memory chip. With these arrangements, an illegitimate player that has not been authenticated, for example, is not able to access the data stored in the memory card. Accordingly, it is possible to protect the data stored in the memory card from being stolen by the illegitimate player.
Even in the situation where the copyright protecting function is realized by the controller for the memory card, other types of attacks may occur. For example, let us assume that video data is stored in a memory card. The video data stored in the memory card is protected from being read by an illegitimate player because of the copyright protecting function of the controller for the memory card. Thus, the video data is protected from illegitimate copying that uses an illegitimate player.
However, it is possible for an adversary to open the package of a memory card and to read all the video data from the semiconductor memory chip. Further, by copying the video data onto another semiconductor memory chip and combining the semiconductor memory chip with a controller that has been purchased separately, the adversary will be able to produce copies of a counterfeit memory as many as he likes, in which the video data is stored. Furthermore, a legitimate player is able to play back the video data stored in each of the counterfeit memory cards, just like video data stored in a legitimate memory card.